Re: Problem with AbstractUsernameTokenInInterceptor

Thu, 03 Feb 2011 03:12:38 -0800 

Hi

What WS-Security namespace is being used in the request ?
If the "ws-security.ut.no-callbacks" is set to true then the
org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor should not be
invoked because it does currently require a callback for hashed UTs. So if
the property is set then the WSS4JInInterceptor registers a custom
UsernameTokenProcessor for

"
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
"
and
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";.

Thanks, Sergey

On Thu, Feb 3, 2011 at 10:51 AM, Anand R <[email protected]> wrote:

> Hi Sergey,
>
> Thanks for your response. I used to get the following exception when I did
> not configure a callback handler. This exception does not come if the
> password is plain text instead of a digest.
>
> org.apache.cxf.interceptor.Fault: General security error
> (WSSecurityEngine: No password callback supplied)
>        at
>
> org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:154)
>        at
>
> org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:114)
>        at
>
> org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.handleMessage(UsernameTokenInterceptor.java:72)
>         at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
>        at
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
>        at
>
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
>        at
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
>        at
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
>        at
>
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
>        at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
>        at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
>        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>        at
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
>        at
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>        at
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>        at
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
>        at
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>        at
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>        at
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>        at
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>        at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
>        at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>        at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
>        at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
>        at java.lang.Thread.run(Thread.java:595)
> Caused by: org.apache.ws.security.WSSecurityException: General security
> error (WSSecurityEngine: No password callback supplied)
>        at
>
> org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:91)
>        at
>
> org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.getPrincipal(UsernameTokenInterceptor.java:167)
>        at
>
> org.apache.cxf.ws.security.wss4j.UsernameTokenInterceptor.processUsernameToken(UsernameTokenInterceptor.java:129)
>        ... 24 more
>
>
> Thanks and regards,
> Anand R
> System Architect
> IBS Software Services Private Limited
> 2nd Floor - Left Wing, IBS Towers, Technopark Campus, Trivandrum - 695581,
> Kerala, India
> Telephone - +91-471-6614291, Mobile - +91-9846324022
> E-Mail - [email protected], www.ibsplc.com
>
>
>
>
> From:   Sergey Beryozkin <[email protected]>
> To:     [email protected]
> Date:   03-02-11 04:08 PM
> Subject:        Re: Problem with AbstractUsernameTokenInInterceptor
>
>
>
> Hi
>
> On Thu, Feb 3, 2011 at 6:37 AM, Anand R <[email protected]> wrote:
>
> > Hi,
> >
> > My requirement is to perform a custom authentication on the username and
> > password that I receive as part of the UsernameToken header in the
> > incoming SOAP request. I discovered that cxf-2.3.2 provides an
> > AbstractUsernameTokenInInterceptor to perform this. I extended this
> class
> > and created my interceptor that overrides the createSubject method. When
> I
> > configure my interceptor in my beans.xml as shown below, I am getting an
> > exception.
> >
> > This exception comes up when I use a password digest. The plain text
> > password works fine. Is there any problem in the way I have configured
> my
> > interceptor?
> >
> >
> > Entry in beans.xml
> >
> >        <jaxws:endpoint id="echo"
> > implementor="learn.wssecurity.echo.EchoServiceImpl"
> >                wsdlLocation="wsdl/echo/EchoService.wsdl"
> > address="/EchoService">
> >                <jaxws:inInterceptors>
> >                          <bean
> > class="learn.wssecurity.echo.WSSUsernameTokenInterceptor"/>
> >                </jaxws:inInterceptors>
> >                <jaxws:properties>
> >                        <entry key="ws-security.callback-handler"
> > value="learn.wssecurity.echo.ServerPasswordCallback" />
> >                        <entry key="ws-security.ut.no-callbacks"
> > value="true" />
> >                </jaxws:properties>
> >        </jaxws:endpoint>
> >
> >
>
> What is the purpose of registering ServerPasswordCallback ? If you set a
> "ws-security.ut.no-callbacks" property then you only need a callback if
> you
> have an encrypted UT, so that the UT can be decrypted.
> So this callback that you're registering may be interfering in the case
> when
> you have a hashed UT token, can you remove it please and see what happens
> ?
>
> Cheers, Sergey
>
>
>
>
> >
> > Exception
> >
> > java.lang.SecurityException: Security Token is not available on the
> > current message
> >        at
> >
> >
>
> org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.reportSecurityException(AbstractSecurityContextInInterceptor.java:
> > 88)
> >        at
> >
> >
>
> org.apache.cxf.interceptor.security.AbstractSecurityContextInInterceptor.handleMessage(AbstractSecurityContextInInterceptor.java:47)
> >        at
> >
> >
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
> >        at
> >
> >
>
> org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:113)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.ServletDestination.invoke(ServletDestination.java:97)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:461)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:188)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.AbstractCXFServlet.invoke(AbstractCXFServlet.java:148)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:179)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:103)
> >        at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
> >        at
> >
> >
>
> org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:159)
> >        at
> >
> >
>
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> >        at
> >
> >
>
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> >        at
> >
> >
>
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
> >        at
> >
> >
>
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
> >        at
> >
> >
>
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> >        at
> >
> >
>
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >        at
> >
> >
>
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> >        at
> >
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
> >        at
> >
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
> >        at
> >
> >
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
> >        at
> > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
> >        at java.lang.Thread.run(Thread.java:595)
> >
> > Thanks and regards,
> > Anand R
> >
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> >
> > "The information in this e-mail and any attachment is intended only for
> > the person to whom it is addressed and may contain confidential and/or
> > privileged material. If you have received this e-mail in error, kindly
> > contact the sender and destroy all copies of the original communication.
> > IBS makes no warranty, express or implied, nor guarantees the accuracy,
> > adequacy or completeness of the information contained in this email or
> any
> > attachment and is not liable for any errors, defects, omissions, viruses
> > or for resultant loss or damage, if any, direct or indirect."
> >
> >
> >
> >
> >
>
>
>
>
>
>
>
> DISCLAIMER:
>
> "The information in this e-mail and any attachment is intended only for
> the person to whom it is addressed and may contain confidential and/or
> privileged material. If you have received this e-mail in error, kindly
> contact the sender and destroy all copies of the original communication.
> IBS makes no warranty, express or implied, nor guarantees the accuracy,
> adequacy or completeness of the information contained in this email or any
> attachment and is not liable for any errors, defects, omissions, viruses
> or for resultant loss or damage, if any, direct or indirect."
>
>
>
>
>

Reply via email to